jonasfj

// Copyright 2019 Google LLC.
// SPDX-License-Identifier: Apache-2.0

import 'dart:async' show FutureOr;
import 'dart:async';
import 'dart:convert' show utf8, json;
import 'dart:io' show Directory, Process, IOException, File;
import 'package:http/http.dart' as http;
import 'package:retry/retry.dart' show retry;
import 'package:pool/pool.dart' show Pool;

jonasfj

Two simple test files for dart.io.

1. Run dart download.dart
2. Run dart extract.dart

Have fun..

jonasfj

// Copyright 2019 Google LLC.
// SPDX-License-Identifier: Apache-2.0
//
// Experiments with dart, grpc and googleapis
// ==========================================
//
// 1. Install `protoc`
// 2. `pub global activate protoc_plugin`
// 3. `git clone https://github.com/googleapis/googleapis`
// 4. `protoc --dart_out=grpc:lib/src/generated -I googleapis/ -I /usr/local/include/ googleapis/google/cloud/vision/v1/image_annotator.proto`

jonasfj

import requests
from relengapi.lib.permissions import p

def scope_satisfied(req, scopes):
    """
    Returns true, if scopes satisfies req
    """
    return any((
      s == req or (s.endswith('*') and req.startswith(s[:-1])) for s in scopes
    ))

jonasfj

Decent links:
 * https://github.com/drduh/YubiKey-Guide
 * https://blog.josefsson.org/2014/06/23/offline-gnupg-master-key-and-subkeys-on-yubikey-neo-smartcard/
 * http://stafwag.github.io/blog/blog/2015/06/16/using-yubikey-neo-as-gpg-smartcard-for-ssh-authentication/
 * Or just google for gpg, yubikey, ssh, there is a lot of guides.


## The GPG setup

jonasfj

#!/bin/bash

# This script expects AWS credentials:
#   SIGNIN_AWS_ACCESS_KEY_ID
#   SIGNIN_AWS_SECRET_ACCESS_KEY
# And optionally the TOTP entry name in your yubikey
#   SIGNIN_AWS_YUBIKEY_OATH_NAME
# Put these environment variables into your .bashrc.local (or .bashrc, if you
# don't sync dot-files). In your .bashrc you'll also want:
#   alias signin-aws='eval `signin-aws`'

jonasfj

Example Configuration for tc-worker with script-engine

Example task: https://tools.taskcluster.net/groups/FxNyHL2oRnWBFzWUdqIkGQ/tasks/FxNyHL2oRnWBFzWUdqIkGQ/details

This works with any clientId/accessToken that has the scope: assume:project:autophone:custom-worker-scopes Notice, that you can take the scopes from that role and make them more specific, so workers have fewer permissions.

jonasfj

import _ from 'lodash';
import assert from 'assert';

// Render string given context
let renderString = (value, context) => {
  return value.replace(/\${([^}]+)}/g, (expr, key) => {
    if (context[key] === undefined) {
      throw new Error('Undefined variable referenced in: ' + expr);
    }
    if (!_.includes(['number', 'string'], typeof(context[key]))) {

jonasfj

import _ from 'lodash';
import Ajv from 'ajv';
import assert from 'assert';
import taskcluster from 'taskcluster-client';

let data = {}; // TODO: Load actions.json from decision task

if (data.version > 1) {
  throw Error('Unsupported version of public/actions.json');
}

jonasfj

$schema: http://json-schema.org/draft-04/schema#
id: https://hg.mozilla.org/mozilla-central/raw-file/tip/taskcluster/docs/actions-schema.yml
title: Schema for Exposing Actions
description: |
  This document specifies the schema for the `public/actions.json` used by
  _decision tasks_ to expose actions that can be triggered by end-users.

  For the purpose of this document the _consumer_ is the user-interface that
  displays task results to the end-user and allows end-users to trigger actions
  defined by `public/actions.json`. A _consumer_ might be Treeherder.